Open source XDR and SIEM platform for endpoint, cloud, and container security
Other
- C++
- C
- Python

About Wazuh
Wazuh is a free and open source platform for threat prevention, detection, and response. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments, with an endpoint security agent and a management server that collects and analyzes agent data.
It scans for malware, rootkits, suspicious anomalies, vulnerabilities, and configuration issues. Agents forward operating system and application logs to the manager, which decodes them and matches them against rules to raise alerts; file integrity monitoring tracks content and permission changes to watched files; and active response can block a detected threat (for example by dropping a source IP at the firewall) or run a command on the endpoint. The web interface provides data visualization, analysis, status, and management.
Wazuh integrates with the Elastic Stack to index and navigate alerts, and ships deployment automation for Docker, Ansible, Chef, Puppet, Kubernetes, Bosh, and Salt. It is maintained by Wazuh Inc., was forked from OSSEC, and is self-hosted, either from the Docker containers or by following the installation guides.
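To make the agent-to-manager pipeline described above concrete, the following is an added, constructed example (not Wazuh's own code): a toy decoder for sshd failure lines, a base rule plus a frequency-within-timeframe correlation rule keyed on source IP, a simple active-response policy that picks sources to block, and a file-integrity check that compares content hashes and permission bits against a baseline. The log format, rule IDs (1001, 1002), thresholds and the `responses` policy are hypothetical; Wazuh expresses the same ideas (level, frequency, timeframe, same source IP, active-response commands) in its XML rule and configuration files.

```python
"""Added illustration of the pipeline described above: decode log lines,
match a base rule plus a frequency/timeframe correlation rule, pick a
source to block, and diff a file-integrity baseline.  Constructed example,
not Wazuh's own code; rule IDs, log lines and the policy are hypothetical."""
import hashlib
import os
import re
import stat
import tempfile
from collections import defaultdict

# Decoder for a syslog-like sshd failure line (constructed format: epoch host ...).
SSHD_FAIL = re.compile(
    r"^(?P<ts>\d+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<srcip>[\d.]+) port \d+"
)

def decode(line):
    """Return decoded fields for a matching line, else None."""
    m = SSHD_FAIL.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = int(ev["ts"])
    return ev

# Hypothetical rules; Wazuh expresses the same ideas (level, frequency,
# timeframe, same source IP) in its XML rule files.
BASE_RULE = {"id": 1001, "level": 5, "desc": "sshd: authentication failure"}
CORR_RULE = {"id": 1002, "level": 10, "frequency": 4, "timeframe": 60,
             "desc": "sshd: repeated failures from one source"}

def analyze(lines):
    """Run decoder and rules; return (rule_id, level, srcip, ts) alerts."""
    alerts, history = [], defaultdict(list)   # srcip -> base-rule hit times
    for line in lines:
        ev = decode(line)
        if ev is None:
            continue
        alerts.append((BASE_RULE["id"], BASE_RULE["level"], ev["srcip"], ev["ts"]))
        hits = history[ev["srcip"]]
        hits.append(ev["ts"])
        # sliding window: keep only hits inside the correlation timeframe
        hits[:] = [t for t in hits if ev["ts"] - t <= CORR_RULE["timeframe"]]
        if len(hits) >= CORR_RULE["frequency"]:
            alerts.append((CORR_RULE["id"], CORR_RULE["level"], ev["srcip"], ev["ts"]))
            hits.clear()   # one correlated alert per burst
    return alerts

def responses(alerts, threshold=10):
    """Active-response policy (constructed): sources whose alert level reached threshold."""
    return sorted({srcip for _, level, srcip, _ in alerts if level >= threshold})

def fim_snapshot(paths):
    """Baseline: (sha256 of content, permission bits) per path."""
    snap = {}
    for p in paths:
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        snap[p] = (digest, stat.S_IMODE(os.stat(p).st_mode))
    return snap

def fim_diff(old, new):
    """Changes per path present in both snapshots: 'content' and/or 'permissions'."""
    out = {}
    for p in old.keys() & new.keys():
        changes = [name for name, i in (("content", 0), ("permissions", 1))
                   if old[p][i] != new[p][i]]
        if changes:
            out[p] = changes
    return out

# Constructed sample: four failures from 203.0.113.9 inside 60 s, one elsewhere.
SAMPLE_LOGS = [
    "1000 web1 sshd[411]: Failed password for root from 203.0.113.9 port 5100 ssh2",
    "1012 web1 sshd[412]: Failed password for invalid user admin from 203.0.113.9 port 5101 ssh2",
    "1020 web1 sshd[413]: Accepted publickey for deploy from 198.51.100.7 port 5102 ssh2",
    "1025 web1 sshd[414]: Failed password for root from 203.0.113.9 port 5103 ssh2",
    "1030 web1 sshd[415]: Failed password for root from 198.51.100.7 port 5104 ssh2",
    "1041 web1 sshd[416]: Failed password for root from 203.0.113.9 port 5105 ssh2",
]

def demo_fim():
    """Snapshot a temp file, then append to it and loosen its mode; return the diff."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "passwd")
        with open(p, "w") as f:
            f.write("root:x:0:0\n")
        os.chmod(p, 0o644)
        before = fim_snapshot([p])
        with open(p, "a") as f:
            f.write("evil:x:0:0\n")
        os.chmod(p, 0o666)
        return fim_diff(before, fim_snapshot([p]))[p]

if __name__ == "__main__":
    found = analyze(SAMPLE_LOGS)
    print(*found, sep="\n")
    print("block:", responses(found), "fim:", demo_fim())
```

Two points worth noting from the example: the correlation rule only fires once the fourth failure from the same source lands inside the window, so a single noisy line never reaches the blocking threshold on its own; and because an active response executes on the endpoint, any real policy should gate it on alert level and rule ID, as the `responses` threshold does here, rather than on every match.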
Key features
- Endpoint agents and central manager
- Log analysis with rule-based alerts
- File integrity monitoring
- Vulnerability detection from CVE data
- Active response and remote commands
Details
- First released: 2015
- Platforms: Windows · macOS · Linux
- Self-hosting: Self-hostable
- Deployment: Docker
- Security: Threat prevention, detection, response
- Governance: Wazuh Inc., based on OSSEC
